[nycbug-talk] OpenBSD pf "bakeoff"
Josh Rivel
josh at rivels.org
Fri Jun 15 11:17:43 EDT 2012
.ike-
On Fri, Jun 15, 2012 at 11:06 AM, Isaac Levy <ike at blackskyresearch.net> wrote:
> Wow,
>
> On Jun 15, 2012, at 9:46 AM, Josh Rivel wrote:
>
>> So after badgering my manager nonstop about how great OpenBSD with pf
>> is, he's letting me do a "bakeoff" of two identical boxes - one will
>> be running OpenBSD 5.1 w/pf, and the other a popular commercial
>> firewall software.
>
> Holy moses that's cool.
Indeed :)
>> I probably will not be starting this project until first week in July,
>> but wanted to get some tips (feel free to contact me off list if you
>> don't think it's appropriate) of any custom tuning or deployment tips
>> and tricks for enterprise wide OpenBSD/pf deployments, management of
>> the policies, etc.
>> I really want OpenBSD to win :)
>
> Well, there goes the scientific method ;)
Hahahahaha. Well of course I want OpenBSD to win, but if it doesn't,
it doesn't.... I will be impartial during my testing, and will *not*
skew the test results!
> One sideshow-ish note which I hope helps:
>
> I'd crib from pfSense (yes, I know that sounds awful to any OpenBSD user, my apologies), but their stock system tuning is thoughtful, in particular, the network i/o sysctls. Grokking the intention of the sysctl tuning may be a great thing to skim through.
>
> https://github.com/bsdperimeter/pfsense
Awesome - thanks as always for the useful tips .ike!
Josh